Security audit

备课AFP · Course-Prep-Auto-Flow

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed course-preparation workflow with external image generation and Feishu document delivery, so users should review the data-sharing implications, but the behavior is aligned with the skill’s purpose.

Install only if you are comfortable sending course prompts, reference materials, generated images, and final drafts to the configured image provider and Feishu workspace. Use limited-scope credentials, verify the custom API endpoint and referenced image-generation helper skill, and avoid confidential or regulated course material unless those services are approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium · 89% confidence

Finding: The skill is presented as a course-preparation workflow, but the body of the skill expands into external image generation, Feishu document creation, and media delivery actions that are not clearly disclosed in the top-level description. This mismatch can cause users or orchestrators to invoke the skill without understanding that it may call external services or create persistent artifacts, increasing the risk of unintended data disclosure or unauthorized side effects.

Context-Inappropriate Capability

Medium · 86% confidence

Finding: The embedded shell command introduces an execution pathway involving API keys, a third-party base URL, and file output, which goes beyond passive course drafting. Even though the prompt is user-facing, command-template instructions in a skill increase the chance of unsafe tool use, secret exposure, or unintended external requests if variables are filled automatically or copied into an execution environment.

Context-Inappropriate Capability

Medium · 91% confidence

Finding: The skill directs creation of Feishu documents and image/media delivery, which are write operations to external systems and can expose user-provided materials or generated content outside the current session. Because these actions are not merely analytical but create persistent artifacts and send data through APIs, they materially increase privacy and integrity risk if triggered without explicit authorization.

Missing User Warnings

Medium · 90% confidence

Finding: The skill description does not warn users that it may create Feishu documents, send media, or use external APIs, so users may provide sensitive course materials without realizing they could be transmitted or persisted elsewhere. Lack of disclosure undermines informed consent and makes accidental data leakage more likely in normal use.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.